NAT'ed servers...possible?


wreckd
06-05-2001, 10:40 PM
i tried looking through the archives for this problem (ubb's going fast...) and i can't find it anywhere on the web with a straight answer, so...

i've got to move a group of servers. two of these servers need to be externally accessible and need to talk to the other boxes, sql or something. the subnet i have to move to does not have enough real ip addresses for them all. i'm not the admin, just trying to do what was requested.

what i would like is to set them all up private with a (debian) router doing NAT. the two web servers need their own real addresses, though. is there any way to
a.) provide one-to-one mapping of real addresses to the two private addresses while also
b.) allowing the other servers to access the net and talk to the web servers on the private net?

i'm looking into using ipchains so far, but although i'm pretty handy with linux, i've not used ipchains/ipmasq much...at all. if it's possible, i'd like for the external interface on the router to basically have 3 ip addresses - one for each of the servers and one to dynamically NAT the remaining boxen. i don't think port forwarding is an option. i can also use iptables and the 2.4 kernel if that's a better way to go.

hmm, i'm sure i didn't convey that clearly, but if you can grasp that at all...is there any way to accomplish this?

- REL3

Coral Sea
06-05-2001, 11:08 PM
Maybe you want to use FreeBSD (or some other BSD) instead. Although I have not done it, I have read of ways to use IPFW or IPFilter in the BSDs to map IPs, ports, etc.

IPChains is going the way of the dinosaurs so you might want to stay away from that.

I use FreeBSD as an Internet gateway/router and have the firewall set up to handle IPSec VPN (Nortel Networks Extranet).

Check out Networking/Security at bsdvault.net for how I did it.
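
The layout asked about in the opening post (two one-to-one mappings plus one shared address for the remaining servers), written out with iptables on a 2.4 kernel as an added example that is not from either poster. Interface names, every address and the single exposed port are constructed assumptions, and the script only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: prints iptables (2.4+ netfilter) commands for review.
# All values below are constructed placeholders (RFC 5737 / RFC 1918 ranges).
EXT_IF=eth0                 # outside interface; assumed to carry all three public IPs
LAN_IF=eth1                 # inside interface
LAN_NET=192.168.10.0/24     # private server subnet
POOL_IP=203.0.113.10        # shared source address for the non-public servers
MAPPINGS="203.0.113.11=192.168.10.11 203.0.113.12=192.168.10.12"   # public=private
WEB_PORT=80                 # assumption: only HTTP is exposed to the outside

nat_rules() {
    for m in $MAPPINGS; do
        pub=${m%%=*}; priv=${m##*=}
        # Inbound: rewrite the destination only for traffic arriving from outside,
        # so LAN hosts keep reaching the web servers on their private addresses.
        echo "iptables -t nat -A PREROUTING -i $EXT_IF -d $pub -j DNAT --to-destination $priv"
        # Outbound: each web server leaves with its own public address.
        echo "iptables -t nat -A POSTROUTING -o $EXT_IF -s $priv -j SNAT --to-source $pub"
    done
    # Catch-all goes last: the first matching rule in the chain wins.
    echo "iptables -t nat -A POSTROUTING -o $EXT_IF -s $LAN_NET -j SNAT --to-source $POOL_IP"
}

filter_rules() {
    # One-to-one NAT exposes every port of the mapped hosts unless forwarding is filtered.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $LAN_IF -o $EXT_IF -s $LAN_NET -j ACCEPT"
    for m in $MAPPINGS; do
        priv=${m##*=}
        # FORWARD runs after DNAT, so it matches on the private destination.
        echo "iptables -A FORWARD -i $EXT_IF -d $priv -p tcp --dport $WEB_PORT -m state --state NEW -j ACCEPT"
    done
}

nat_rules
filter_rules
```

The router also needs IP forwarding enabled and the three public addresses assigned to the outside interface (or answered for by proxy ARP) before these rules have any effect.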